From 25b75537a20f304043ac63400203896c82729a63 Mon Sep 17 00:00:00 2001
From: Subrata Sen Gupta <subrata@smartitengineering.com>
Date: Wed, 18 Feb 2009 22:03:59 +0600
Subject: [PATCH] apply http method security

Signed-off-by: Subrata Sen Gupta <subrata@smartitengineering.com>
---
 .../bookstore/ws/client/AbstractClientImpl.java    |   2 +-
 .../bookstore/ws/client/LoginCenter.java           |  35 +++++
 .../bookstore/ws/client/WebServiceClientTest.java  | 174 ++++++++++++++++-----
 .../src/main/resources/app-context-security.xml    |  11 +-
 .../ws/server/BookStoreResourcesTest.java          |   4 +-
 5 files changed, 177 insertions(+), 49 deletions(-)
 create mode 100644 WebServiceClient/src/main/java/com/smartitengineering/bookstore/ws/client/LoginCenter.java

diff --git a/WebServiceClient/src/main/java/com/smartitengineering/bookstore/ws/client/AbstractClientImpl.java b/WebServiceClient/src/main/java/com/smartitengineering/bookstore/ws/client/AbstractClientImpl.java
index 88c826c..b577d0d 100644
--- a/WebServiceClient/src/main/java/com/smartitengineering/bookstore/ws/client/AbstractClientImpl.java
+++ b/WebServiceClient/src/main/java/com/smartitengineering/bookstore/ws/client/AbstractClientImpl.java
@@ -63,7 +63,7 @@ public abstract class AbstractClientImpl {
 
     public WebResource getWebResource() {
         DefaultApacheHttpClientConfig clientConfig = new DefaultApacheHttpClientConfig();
-        clientConfig.getState().setCredentials(null, null, -1, username, password);
+        clientConfig.getState().setCredentials(null, null, -1, LoginCenter.getUsername(), LoginCenter.getPassword());
         clientConfig.getProperties().put(ApacheHttpClientConfig.PROPERTY_PREEMPTIVE_AUTHENTICATION, 
             Boolean.TRUE);
         client = ApacheHttpClient.create(clientConfig);
diff --git a/WebServiceClient/src/main/java/com/smartitengineering/bookstore/ws/client/LoginCenter.java b/WebServiceClient/src/main/java/com/smartitengineering/bookstore/ws/client/LoginCenter.java
new file mode 100644
index 0000000..c728c2e
--- /dev/null
+++ b/WebServiceClient/src/main/java/com/smartitengineering/bookstore/ws/client/LoginCenter.java
@@ -0,0 +1,35 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+package com.smartitengineering.bookstore.ws.client;
+
+/**
+ *
+ * @author modhu7
+ */
+public class LoginCenter {
+    private static String username;
+    private static String password;
+
+    private LoginCenter() {
+        throw new AssertionError();
+    }
+
+    public static String getPassword() {
+        return password;
+    }
+
+    public static void setPassword(String password) {
+        LoginCenter.password = password;
+    }
+
+    public static String getUsername() {
+        return username;
+    }
+
+    public static void setUsername(String username) {
+        LoginCenter.username = username;
+    }    
+}
diff --git a/WebServiceClient/src/test/java/com/smartitengineering/bookstore/ws/client/WebServiceClientTest.java b/WebServiceClient/src/test/java/com/smartitengineering/bookstore/ws/client/WebServiceClientTest.java
index d9698f8..ce014f3 100644
--- a/WebServiceClient/src/test/java/com/smartitengineering/bookstore/ws/client/WebServiceClientTest.java
+++ b/WebServiceClient/src/test/java/com/smartitengineering/bookstore/ws/client/WebServiceClientTest.java
@@ -67,7 +67,6 @@ public class WebServiceClientTest
         return UriBuilder.fromUri(connectionUri).port(getPort(new Integer(
                 connectionPort))).path(warname).build();
     }
-    
     private GlassFish glassfish;
 
     public WebServiceClientTest(String testName) throws IOException {
@@ -77,16 +76,18 @@ public class WebServiceClientTest
     @Override
     protected void setUp()
             throws Exception {
-        super.setUp();        
+        super.setUp();
         try {
-            InputStream inputStream = WebServiceClientTest.class.getClassLoader().getResourceAsStream("testConfiguration.properties");
+            InputStream inputStream = WebServiceClientTest.class.getClassLoader().
+                    getResourceAsStream("testConfiguration.properties");
             properties.load(inputStream);
         } catch (FileNotFoundException ex) {
-            Logger.getLogger(WebServiceClientTest.class.getName()).log(Level.SEVERE, null, ex);
+            Logger.getLogger(WebServiceClientTest.class.getName()).log(
+                    Level.SEVERE, null, ex);
         }
         connectionUri = properties.getProperty("uri");
         connectionPort = properties.getProperty("port");
-        warname = properties.getProperty("warname"); 
+        warname = properties.getProperty("warname");
         // Start Glassfish
         String server = properties.getProperty("server");
         if (server.equalsIgnoreCase("glassfish")) {
@@ -94,8 +95,10 @@ public class WebServiceClientTest
             // Deploy Glassfish referencing the web.xml
             ScatteredWar war = new ScatteredWar(getBaseURI().getRawPath(),
                     new File("../WebServiceServer/src/main/webapp"),
-                    new File("../WebServiceServer/src/main/webapp/WEB-INF/web.xml"),
-                    Collections.singleton(new File("target/classes").toURI().toURL()));
+                    new File(
+                    "../WebServiceServer/src/main/webapp/WEB-INF/web.xml"),
+                    Collections.singleton(new File("target/classes").toURI().
+                    toURL()));
             glassfish.deploy(war);
         }
     }
@@ -106,73 +109,138 @@ public class WebServiceClientTest
         super.tearDown();
 
         String server = properties.getProperty("server");
-        if (server.equalsIgnoreCase("glassfish")){
+        if (server.equalsIgnoreCase("glassfish")) {
             glassfish.stop();
         }
     }
 
     public void testResources() {
+
         if (Boolean.valueOf(properties.getProperty("testCreatePublicationHouse"))) {
+            LoginCenter.setUsername("imyousuf");
+            LoginCenter.setPassword("imyousuf");
+            try {
+                doTestCreatePublicationHouse();
+                fail("Should not succed");
+            } catch (Exception e) {
+            }
+            LoginCenter.setUsername("modhu");
+            LoginCenter.setPassword("modhu");
             doTestCreatePublicationHouse();
         }
         if (Boolean.valueOf(properties.getProperty("testGetAllPublicationHouse"))) {
             doTestGetAllPublicationHouse();
         }
-        if (Boolean.valueOf(properties.getProperty("testGetPublicationHouseByUniqueShortname"))) {
+        if (Boolean.valueOf(properties.getProperty(
+                "testGetPublicationHouseByUniqueShortname"))) {
             doTestGetPublicationHouseByUniqueShortName();
         }
+
         if (Boolean.valueOf(properties.getProperty("testUpdatePublicationHouse"))) {
+            LoginCenter.setUsername("modhu");
+            LoginCenter.setPassword("modhu");
+            try {
+                doTestUpdatePublicationHouse();
+                fail("Should not succed");
+            } catch (Exception e) {
+            }
+            LoginCenter.setUsername("imyousuf");
+            LoginCenter.setPassword("imyousuf");
             doTestUpdatePublicationHouse();
         }
         if (Boolean.valueOf(properties.getProperty("testDeletePublicationHouse"))) {
+            LoginCenter.setUsername("modhu");
+            LoginCenter.setPassword("modhu");
+            try {
+                doTestDelete();
+                fail("Should not succed");
+            } catch (Exception e) {
+            }
+            LoginCenter.setUsername("imyousuf");
+            LoginCenter.setPassword("imyousuf");
             doTestDelete();
         }
         if (Boolean.valueOf(properties.getProperty("testCreateBook"))) {
+            LoginCenter.setUsername("imyousuf");
+            LoginCenter.setPassword("imyousuf");
+            try {
+                doTestCreateBook();
+                fail("Should not succed");
+            } catch (Exception e) {
+            }
+            LoginCenter.setUsername("modhu");
+            LoginCenter.setPassword("modhu");
             doTestCreateBook();
         }
-        if (Boolean.valueOf(properties.getProperty("testReadBookListByPublisher"))) {
+        if (Boolean.valueOf(
+                properties.getProperty("testReadBookListByPublisher"))) {
             doTestReadBookListByPublisher();
         }
         if (Boolean.valueOf(properties.getProperty("testReadBookListByAuthor"))) {
             doTestReadBookListByAuthor();
         }
-        if (Boolean.valueOf(properties.getProperty("testReadBookListByPublicationHouse"))) {
+        if (Boolean.valueOf(properties.getProperty(
+                "testReadBookListByPublicationHouse"))) {
             doTestReadBookListByPublicationHouse();
         }
         if (Boolean.valueOf(properties.getProperty("testGetAll"))) {
             doTestGetAllElement();
         }
         if (Boolean.valueOf(properties.getProperty("testDeleteBook"))) {
+            LoginCenter.setUsername("modhu");
+            LoginCenter.setPassword("modhu");
+            try {
+                doTestDeleteBook();
+                fail("Should not succed");
+            } catch (Exception e) {
+            }
+            LoginCenter.setUsername("imyousuf");
+            LoginCenter.setPassword("imyousuf");
             doTestDeleteBook();
         }
-        
+
         if (Boolean.valueOf(properties.getProperty("testDeleteAll"))) {
+            LoginCenter.setUsername("modhu");
+            LoginCenter.setPassword("modhu");
+            try {
+                doTestDeleteAll();
+                fail("Should not succed");
+            } catch (Exception e) {
+            }
+            LoginCenter.setUsername("imyousuf");
+            LoginCenter.setPassword("imyousuf");
             doTestDeleteAll();
         }
-        
+
     }
 
     public void doTestCreatePublicationHouse() {
-        PublicationHouseService service = WebServiceClientFactory.getPublicationHouseService();
+        PublicationHouseService service = WebServiceClientFactory.
+                getPublicationHouseService();
         PublicationHouse publicationHouse = new PublicationHouse();
         for (int i = 0; i < 10; i++) {
             publicationHouse.setName("Smart Book House-" + i);
             publicationHouse.setAddress("Mohammadpur-" + i);
-            publicationHouse.setContactEmailAddress("info" + i + "@smartbookhouse.com");
+            publicationHouse.setContactEmailAddress("info" + i +
+                    "@smartbookhouse.com");
             publicationHouse.setUniqueShortName("smart" + i);
             service.create(publicationHouse);
         }
     }
 
     public void doTestGetAllPublicationHouse() {
-        PublicationHouseService service = WebServiceClientFactory.getPublicationHouseService();
+        PublicationHouseService service = WebServiceClientFactory.
+                getPublicationHouseService();
         PublicationHouseFilter houseFilter = new PublicationHouseFilter();
         houseFilter.setName("Smart Book House-1");
         final Collection<PublicationHouse> result = service.search(houseFilter);
         System.out.println(result);
-        Set<PublicationHouse> setPublicationHouse = new HashSet<PublicationHouse>(result);
-        System.out.println("the number of publication houses in search result from database = " + setPublicationHouse.size());
-        List<PublicationHouse> list = new LinkedList<PublicationHouse>(setPublicationHouse);
+        Set<PublicationHouse> setPublicationHouse =
+                new HashSet<PublicationHouse>(result);
+        System.out.println("the number of publication houses in search result from database = " +
+                setPublicationHouse.size());
+        List<PublicationHouse> list = new LinkedList<PublicationHouse>(
+                setPublicationHouse);
         for (PublicationHouse house : list) {
             System.out.println(house.getName());
             System.out.println(house.getAddress());
@@ -181,11 +249,15 @@ public class WebServiceClientTest
         }
         PublicationHouseFilter houseFilter1 = new PublicationHouseFilter();
         houseFilter1.setUniqueShortString("smart8");
-        final Collection<PublicationHouse> result1 = service.search(houseFilter1);
+        final Collection<PublicationHouse> result1 =
+                service.search(houseFilter1);
         System.out.println(result1);
-        Set<PublicationHouse> setPublicationHouse1 = new HashSet<PublicationHouse>(result1);
-        System.out.println("the number of publication houses in search result from database = " + setPublicationHouse1.size());
-        List<PublicationHouse> list1 = new LinkedList<PublicationHouse>(setPublicationHouse1);
+        Set<PublicationHouse> setPublicationHouse1 =
+                new HashSet<PublicationHouse>(result1);
+        System.out.println("the number of publication houses in search result from database = " +
+                setPublicationHouse1.size());
+        List<PublicationHouse> list1 = new LinkedList<PublicationHouse>(
+                setPublicationHouse1);
         for (PublicationHouse house : list1) {
             System.out.println(house.getName());
             System.out.println(house.getAddress());
@@ -195,13 +267,15 @@ public class WebServiceClientTest
     }
 
     public void doTestGetPublicationHouseByUniqueShortName() {
-        PublicationHouseService service = WebServiceClientFactory.getPublicationHouseService();
+        PublicationHouseService service = WebServiceClientFactory.
+                getPublicationHouseService();
 
 
     }
 
     public void doTestUpdatePublicationHouse() {
-        PublicationHouseService service = WebServiceClientFactory.getPublicationHouseService();
+        PublicationHouseService service = WebServiceClientFactory.
+                getPublicationHouseService();
         PublicationHouseFilter houseFilter = new PublicationHouseFilter();
 
         houseFilter.setName("Smart Book House-1");
@@ -222,15 +296,18 @@ public class WebServiceClientTest
     }
 
     public Set<PublicationHouse> getAllPubHouse() {
-        PublicationHouseService service = WebServiceClientFactory.getPublicationHouseService();
+        PublicationHouseService service = WebServiceClientFactory.
+                getPublicationHouseService();
         PublicationHouseFilter houseFilter = new PublicationHouseFilter();
         final Collection<PublicationHouse> result = service.search(houseFilter);
         return new HashSet<PublicationHouse>(result);
     }
 
     private void doTestDelete() {
-        PublicationHouseService service = WebServiceClientFactory.getPublicationHouseService();
-        List<PublicationHouse> list = new ArrayList<PublicationHouse>(getAllPubHouse());
+        PublicationHouseService service = WebServiceClientFactory.
+                getPublicationHouseService();
+        List<PublicationHouse> list = new ArrayList<PublicationHouse>(
+                getAllPubHouse());
         service.delete(list.get(3));
         service.delete(list.get(7));
         list.clear();
@@ -251,7 +328,8 @@ public class WebServiceClientTest
             PublicationHouse publicationHouse = new PublicationHouse();
             publicationHouse.setName("Smart Book House-200" + i);
             publicationHouse.setAddress("Mohammadpur-200" + i);
-            publicationHouse.setContactEmailAddress("info200" + i + "@smartitengineering.com");
+            publicationHouse.setContactEmailAddress("info200" + i +
+                    "@smartitengineering.com");
             publicationHouse.setUniqueShortName("smart200-" + i);
             Author author1 = new Author();
             author1.setName("Subrata Sen Gupta" + i);
@@ -264,7 +342,8 @@ public class WebServiceClientTest
             authors.add(author2);
             Publisher publisher = new Publisher();
             publisher.setName("AHM Yousuf-" + i);
-            publisher.setEmailAddress("ahmyousuf" + i + "@smartitengineering.com");
+            publisher.setEmailAddress("ahmyousuf" + i +
+                    "@smartitengineering.com");
             publisher.setPublicationHouse(publicationHouse);
             book.setName("The Art Of IT-" + i);
             book.setIsbn("123-4567-890-" + i);
@@ -288,20 +367,23 @@ public class WebServiceClientTest
     public Set<Book> getAllBook() {
         BookService service = WebServiceClientFactory.getBookService();
         BookFilter bookFilter = new BookFilter();
-        final Collection<Book> result = service.search(bookFilter);        
+        final Collection<Book> result = service.search(bookFilter);
         return new HashSet<Book>(result);
     }
 
     private void doTestDeleteAll() {
         BookService bookService = WebServiceClientFactory.getBookService();
-        PublicationHouseService houseService = WebServiceClientFactory.getPublicationHouseService();
+        PublicationHouseService houseService = WebServiceClientFactory.
+                getPublicationHouseService();
         List<Book> listBook = new ArrayList<Book>(getAllBook());
         System.out.println("Deleting the books ............ " + listBook.size());
         for (Book book : listBook) {
             bookService.delete(book);
         }
-        List<PublicationHouse> listHouse = new ArrayList<PublicationHouse>(getAllPubHouse());
-        System.out.println("Deleting the publication house ............ " + listHouse.size());
+        List<PublicationHouse> listHouse = new ArrayList<PublicationHouse>(
+                getAllPubHouse());
+        System.out.println("Deleting the publication house ............ " +
+                listHouse.size());
         for (PublicationHouse house : listHouse) {
             houseService.delete(house);
         }
@@ -324,7 +406,8 @@ public class WebServiceClientTest
         BookService service = WebServiceClientFactory.getBookService();
         BookFilter bookFilter = new BookFilter();
         List<Book> listBook = new ArrayList<Book>(getAllBook());
-        List<Author> listAuthors = new ArrayList<Author>(listBook.get(4).getAuthors());
+        List<Author> listAuthors = new ArrayList<Author>(listBook.get(4).
+                getAuthors());
         bookFilter.setAuthor(listAuthors.get(1).getId().toString());
         System.out.println(listAuthors.get(1).getId().toString());
         System.out.println(listAuthors.get(1).getId().toString());
@@ -336,9 +419,11 @@ public class WebServiceClientTest
         for (Book book : list) {
             System.out.println(book.getName());
             System.out.println(book.getIsbn());
-            System.out.println(new ArrayList<Author>(book.getAuthors()).get(1).getName());
+            System.out.println(new ArrayList<Author>(book.getAuthors()).get(1).
+                    getName());
             System.out.println(book.getPublisher().getName());
-            System.out.println(book.getPublisher().getPublicationHouse().getName());
+            System.out.println(
+                    book.getPublisher().getPublicationHouse().getName());
         }
     }
 
@@ -358,8 +443,10 @@ public class WebServiceClientTest
             System.out.println(book.getIsbn());
             System.out.println(book.getAuthors().size());
             System.out.println(book.getPublisher().getName());
-            System.out.println(book.getPublisher().getPublicationHouse().getName());
-            System.out.println(book.getPublisher().getPublicationHouse().getUniqueShortName());
+            System.out.println(
+                    book.getPublisher().getPublicationHouse().getName());
+            System.out.println(book.getPublisher().getPublicationHouse().
+                    getUniqueShortName());
         }
 
     }
@@ -368,7 +455,8 @@ public class WebServiceClientTest
         BookService service = WebServiceClientFactory.getBookService();
         BookFilter bookFilter = new BookFilter();
         List<Book> listBook = new ArrayList<Book>(getAllBook());
-        bookFilter.setPublisher(listBook.get(5).getPublisher().getId().toString());
+        bookFilter.setPublisher(
+                listBook.get(5).getPublisher().getId().toString());
         System.out.println("This is for special search");
         System.out.println(listBook.get(5).getPublisher().getId());
 
@@ -381,13 +469,15 @@ public class WebServiceClientTest
             System.out.println(book.getIsbn());
             System.out.println(book.getAuthors().size());
             System.out.println(book.getPublisher().getName());
-            System.out.println(book.getPublisher().getPublicationHouse().getName());
+            System.out.println(
+                    book.getPublisher().getPublicationHouse().getName());
 
         }
     }
 
     private void doTestGetAllElement() {
-        List<PublicationHouse> list = new ArrayList<PublicationHouse>(getAllPubHouse());
+        List<PublicationHouse> list = new ArrayList<PublicationHouse>(
+                getAllPubHouse());
         System.out.println("The number of total houses " + list.size());
         for (PublicationHouse house : list) {
             System.out.println(house.getName());
diff --git a/WebServiceServer/src/main/resources/app-context-security.xml b/WebServiceServer/src/main/resources/app-context-security.xml
index 55eef8f..43ec80e 100644
--- a/WebServiceServer/src/main/resources/app-context-security.xml
+++ b/WebServiceServer/src/main/resources/app-context-security.xml
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:aop="http://www.springframework.org/schema/aop"
@@ -11,13 +10,17 @@ http://www.springframework.org/schema/aop http://www.springframework.org/schema/
 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
     <sec:http auto-config="true">
-        <sec:intercept-url pattern="/**/*" access="ROLE_TECHNICIAN"/>
+        <sec:intercept-url method="GET" pattern='/**/*' access="ROLE_GET" />
+        <sec:intercept-url method="POST" pattern='/**/*' access="ROLE_POST" />
+        <sec:intercept-url method="DELETE" pattern='/**/*' access="ROLE_DELETE" />
+        <sec:intercept-url method="PUT" pattern='/**/*' access="ROLE_PUT" />
         <sec:http-basic />
     </sec:http>
     <sec:authentication-provider>
         <sec:user-service>
-            <sec:user name="modhu" password="modhu" authorities="ROLE_USER, ROLE_ADMIN, ROLE_TECHNICIAN" />
-            <sec:user name="imyousuf" password="imyousuf" authorities="ROLE_USER" />
+            <sec:user name="modhu" password="modhu" authorities="ROLE_GET, ROLE_POST" />
+            <sec:user name="imyousuf" password="imyousuf" authorities="ROLE_DELETE, ROLE_PUT, ROLE_GET" />
+            <sec:user name="superadmin" password="superadmin" authorities="ROLE_DELETE, ROLE_PUT, ROLE_GET, ROLE_POST" />
         </sec:user-service>
     </sec:authentication-provider>
 </beans>
diff --git a/WebServiceServer/src/test/java/com/smartitengineering/bookstore/ws/server/BookStoreResourcesTest.java b/WebServiceServer/src/test/java/com/smartitengineering/bookstore/ws/server/BookStoreResourcesTest.java
index d9b6f52..05c20d1 100644
--- a/WebServiceServer/src/test/java/com/smartitengineering/bookstore/ws/server/BookStoreResourcesTest.java
+++ b/WebServiceServer/src/test/java/com/smartitengineering/bookstore/ws/server/BookStoreResourcesTest.java
@@ -83,7 +83,7 @@ public class BookStoreResourcesTest
         glassfish.stop();
     }
 
-    public void testResources() {
+    public void testResources() {        
         doTestPublicationServices();
         doTestBookServices();
     }
@@ -295,7 +295,7 @@ public class BookStoreResourcesTest
 
     private WebResource getWebResource() {
         DefaultApacheHttpClientConfig clientConfig = new DefaultApacheHttpClientConfig();
-        clientConfig.getState().setCredentials(null, null, -1, "modhu", "modhu");
+        clientConfig.getState().setCredentials(null, null, -1, "superadmin", "superadmin");
         clientConfig.getProperties().put(ApacheHttpClientConfig.PROPERTY_PREEMPTIVE_AUTHENTICATION, 
             Boolean.TRUE);
         client = ApacheHttpClient.create(clientConfig);
-- 
2.11.4.GIT